Multiwan and DNS



  • Hi

    I have 2 WAN connections. WAN is ADSL2+ PPPOE (with static IP). WAN2 (OPT2) is a static IP.

    I've also got a LAN subnet (192.168.1.0/24) and another user subnet on OPT3 (192.168.3.0/24).

    I'm getting a little confused with the DNS issues. I want users on both subnets to use the WAN for HTTP traffic and WAN2 for other services like outgoing VNC sessions. What do I set the LAN users' DNS address to? My first guess for LAN users is 192.168.1.1 (pfSense LAN IP), but what if WAN goes down and I want to use WAN2 for these users? How are they meant to do DNS lookups when they have 192.168.1.1 (which is using WAN DNS servers) set as their default DNS server?

    Next is the OPT3 subnet: what do I set the DNS server to for users on this network? 192.168.3.1? What if they need to use WAN2 to do a DNS lookup?

    Thanks



  • Search the forum. This has been discussed.
    In short: If you want to use DNS servers on WAN2, you need to set a static route for the IP of your DNS pointing to your second gateway.



  • I'm a little confused?

    How does setting a static route to a DNS server IP help?



  • you need to set a static route for the IP of your DNS pointing to your second gateway.

    All traffic for this IP will be forced out the WAN2.



  • Ok that makes sense, but does not really clear up the issue from my original post.

    If the WAN goes down (or say the DNS server IP on the WAN link), how can clients on the LAN and OPT3 networks do DNS lookups if all these clients' DNS settings are pointing to the IP address of the pfSense interface, 192.168.1.1 for LAN and 192.168.3.1 for OPT3?

    Can this be overcome by putting a DNS IP for WAN and WAN2 in the general settings page? and then using static routes, is that what you mean?



  • yes :)



  • How does PFSense then know to use the other secondary DNS IP address?



  • Like every other system in the world. If the primary DNS doesn't answer, it requests the information from the secondary DNS. This is just the way DNS works ;)



  • Guess ;)

    (when the primary is down :D)

    Afaik you can add a third and a fourth DNS-entry in the config.xml.
    So you can have a primary and secondary entry for the first interface, and a tertiary and quaternary on the second interface.



  • Afaik you can add a third and a fourth DNS-entry in the config.xml.
    So you can have a primary and secondary entry for the first interface, and a tertiary and quaternary on the second interface.

    That's brilliant, I'll be adding all my DNS IPs in then, and adding static routes to them.

    Thanks for clearing all that up for me.
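
Added example (not part of the thread and not pfSense code): a small routing model showing why the per-DNS-server static route discussed above is what makes the secondary DNS entry useful when WAN is down. The DNS addresses are constructed documentation-range values, and the model assumes the default route stays on WAN while the firewall tries its DNS servers in configured order.

```python
import ipaddress

def net(cidr):
    return ipaddress.ip_network(cidr)

def pick_gateway(dest, routes):
    """Longest-prefix match: return the gateway name used to reach dest."""
    addr = ipaddress.ip_address(dest)
    matches = [(n, gw) for n, gw in routes if addr in n]
    return max(matches, key=lambda m: m[0].prefixlen)[1]

def first_reachable_dns(dns_servers, routes, gateways_up):
    """Try DNS servers in configured order (primary, then secondary).
    A server answers only if the route to it leaves via a live gateway.
    Returns the server that would answer, or None if lookups fail."""
    for server in dns_servers:
        if pick_gateway(server, routes) in gateways_up:
            return server
    return None

# Constructed sample values (assumptions, not from the thread).
DNS_WAN = "192.0.2.53"      # DNS server of the WAN provider
DNS_WAN2 = "198.51.100.53"  # DNS server of the WAN2 provider
DNS_SERVERS = [DNS_WAN, DNS_WAN2]

# Default route via WAN only: both DNS servers are reached through WAN.
DEFAULT_ONLY = [(net("0.0.0.0/0"), "WAN")]
# Same table plus a /32 static route sending the second DNS IP out WAN2.
WITH_STATIC = DEFAULT_ONLY + [(net(DNS_WAN2 + "/32"), "WAN2")]

def scenario(routes, gateways_up):
    return first_reachable_dns(DNS_SERVERS, routes, gateways_up)

if __name__ == "__main__":
    tables = [("default route only", DEFAULT_ONLY),
              ("with static route ", WITH_STATIC)]
    for label, routes in tables:
        for up in ({"WAN", "WAN2"}, {"WAN2"}):
            print(label, "| up:", sorted(up), "| answers:", scenario(routes, up))
```

With only the default route, losing WAN breaks every lookup even though a second DNS IP is configured; with the /32 route in place, the second entry still answers over WAN2.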

